This Example illustrates how injection is used in the sql query.
Database is the main part of any application used to store the sensitive information like user credentials, financial information etc. SQL Injection is a technique to break the security of the database of the application. This is one of the most common technique used by hackers to steal the data from the database from the application layer. The name "SQL injection" itself indicates that it injects or manipulates SQL code by adding unexpected Sql string to a query. This can result into database manipulation in an unexpected way i.e. the application will run the Sql query that was not intended.
In the below source code, the first query is the normal query which has no problem in execution, as our MySQL statement will just select everything from "emp" table where name equal to "sandeep". In the next query, the ' ' OR 1 makes the sql not the same that we intended because it will always be true and each entry in the table would be selected by this statement.
Source Code of phpSqlInjection.php
We have 1000s of tutorials on our website. Search Tutorials tutorials on our website.
Posted on: January 20, 2009 If you enjoyed this post then why not add us on Google+? Add us to your Circles